Suggestion: Move "Deny List" from maturity level 2 to level 3

ossf / s2c2f

The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.

Other

175 stars 23 forks source link

Suggestion: Move "Deny List" from maturity level 2 to level 3 #1

Closed camaleon2016 closed 1 year ago

camaleon2016 commented 1 year ago

Based on continued discussions, "deny list" capabilities best aligns with the Theme of Maturity Level 3, which is all about preventing the consumption of malicious/compromised packages into your development workflow.

adriandiglio commented 1 year ago

This has been addressed in the latest version